A client of ours based out of Phoenix is seeking a highly skilled Risk Management Specialist to join their team focusing on risk oversight in a highly regulated banking environment. The ideal candidate will have a strong background in IT and Risk Management, with hands-on experience in areas such as helpdesk support or SOC analysis. This role requires expertise in NIST and COBIT frameworks, as well as quantitative risk assessment methodologies, particularly the FAIR framework.
Key Responsibilities:
Risk Oversight: Monitor and analyze external industry trends and regulatory changes impacting technology and information security risk management.
Annual Risk and Control Self-Assessments (RCSAs): Lead and execute annual RCSAs, ensuring comprehensive evaluations of first line functions and compliance with regulatory requirements.
Targeted Assessments: Conduct targeted assessments to evaluate first line functions, utilizing regulatory guidance and current trends in technology and information security.
Process Level Assessments: Perform detailed process-level assessments to identify vulnerabilities and recommend enhancements.
Vendor Management: Assist in managing penetration testing and physical security assessments with external vendors, ensuring deliverables align with internal standards.
Reporting and Metrics: Develop and report on internal metrics for IT and Information Security, presenting findings to various stakeholders.
Identity Crisis Management: Provide expertise in managing identity crisis situations within the organization, implementing best practices for remediation.
Collaboration: Engage with first, second, and third-line stakeholders to ensure effective communication and coordination across the organization's risk management framework.
Qualifications:
Education: Bachelor's degree in a related field; Master's degree preferred.
Experience: Minimum of 10 years in Risk Management, Information Technology, or Cybersecurity, with at least 5 years in first line or second line functions within a banking or regulated environment.
Framework Expertise: Strong knowledge of NIST and COBIT frameworks; familiarity with other regulatory guidance for technology and cybersecurity.
Quantitative Risk Analysis: Experience with quantitative risk assessments and the FAIR methodology.
Technical Background: Previous experience in IT support (helpdesk) or as a SOC analyst is highly desirable.
Certifications: Professional certifications such as CISSP, PCNA, or C-Risk are strongly preferred.
Communication Skills: Excellent verbal and written communication skills, with the ability to engage and influence stakeholders at all levels.
Analytical Skills: Strong analytical abilities to assess processes, data, and trends to recommend enhancements and improvements.
Organizational Skills: High degree of organization and personal accountability, with the capability to make decisions in an ambiguous and fast-paced environment.